Menu
▾
▴
Re: [Sshguard-users] Blocking Failures
|
From: Mij <mi...@bi...> - 2009-02-01 19:31:52
|
Hello Greg, On Jan 20, 2009, at 15:34 , Greg Parrish wrote: > I am having two issues with the 1.3 release as seen in the logs below. > This is on a Centos4 host using the auth.log method piped to sshguard > and not the syslog method. > > 1. Here the logs all have ffff in them and I am not sure why this is > but > it seems normal from some other posts out there but it fails to > block. I > have this running on a Centos3 host and it is working fine but there > is > no ffff in the log entries which I assume is causing the failure. > > Jan 20 09:26:18 arnold sshd[9297]: Did not receive identification > string > from ::ffff:192.168.122.234 > Jan 20 09:26:18 arnold sshd[9298]: Did not receive identification > string > from ::ffff:192.168.122.234 > Jan 20 09:26:18 arnold sshguard[3308]: Blocking ::ffff:192: 2 failures > over 0 seconds. > Jan 20 09:26:18 arnold sshguard[3308]: Blocking command failed. > Exited: -1 do you have the system utility ip6tables ? This is what sshguard needs to block IPv6 addresses. > 2. The above is an internal host so I am not concerned about him other > than the blocking is failing. From testing on an outside host it just > registers the failed login but never even reports a block attempt > there > after I failed the login many times. Here are my params. > > 2 failures, in 30 minutes, block them for a month. > /usr/local/sbin/sshguard -a 2 -p 25920000 -s 1800 1) Do you have debug-level entries for when you tried this? 2) what kind of log messages do you expect to cause blocking? Did you try to inject them manually in "sshguard -d" and see if it detects them? 3) "-p 25920000" : this is dangerous, use with care. If you want blacklisting, have a look at sshguard 1.4 (from SVN) which has it out of the box > > > > Thanks, > greg > > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
